package safecheck

import (
	"gopkg.in/mgo.v2"
	"log"
	"server/models"
	"strings"
	"time"
)

type stats struct {
	ServerList []string `bson:"server_list"`
	Count      int      `bson:"count"`
}

//待检测队列
var ScanChan = make(chan models.DataInfo, 4096)
var cache []string

//检测引擎结构
type Check struct {
	Info        models.DataInfo   // 待检测数据集
	V           map[string]string // 当前检测数据内容
	Value       string            // 触发规则的信息
	Description string            // 规则简介信息
	Source      string            // 警报来源
	Level       int               // 警报等级
	CStatistics *mgo.Collection   // 统计表
	CNoice      *mgo.Collection   // 警报表
}

//黑名单检测
func (c *Check) BlackFilter(){
	var keyword string
	var blackList []string
	regex := true
	switch c.Info.Type {
	case "process":
		blackList = models.Config.BlackList.Process
		keyword = c.V["name"]
	case "connection":
		blackList = models.Config.BlackList.IP
		keyword = strings.Split(c.V["remote"],":")[0]
		regex = false
	case "loginlog":
		blackList = models.Config.BlackList.IP
		keyword = c.V["remote"]
		regex = false
	case "file":
		blackList = models.Config.BlackList.File
		keyword = c.V["hash"]
		regex = false
	case "crontab":
		blackList = models.Config.BlackList.File
		keyword = c.V["command"]
	default:
		blackList = models.Config.BlackList.Other
		keyword = c.V["name"]
	}
	if len(blackList) >= 1 && inArray(blackList, strings.ToLower(keyword),regex){
		c.Source = "blacklist"
		c.Level = 0
		c.Description = "存在于黑名单列表中"
		c.Value = keyword
		c.warning()
	}
}

//白名单筛选


//威胁情报接口检测

//开始检查
func (c *Check) Run() {

}

// 安全检测线程
func ScanMonitorThread() {
	log.Println("Start Scan Thread")
	// 10个检测goroutine
	for i := 0; i < 10; i++ {
		go func() {
			c := new(Check)
			c.CS
		}()
	}
	ticker := time.NewTicker(time.Second * 60)
	for _ = range ticker.C {
		cache = []string{}
	}
}
